The correct answer is B . In Zero Trust architecture, an initiator is not limited to a human user on a laptop. It can include many entity types that request access to a service, application, or data set. These can include managed devices, Internet of Things (IoT) systems, Operational Technology (OT) assets, and application workloads . This reflects the broader Zero Trust principle that trust decisions are applied to all requesting entities, not only to traditional employee endpoints.
This is important because modern enterprises no longer consist only of users on corporate desktops. They also include sensors, industrial systems, virtual machines, containers, and cloud-hosted workloads that generate access requests. Zero Trust must therefore evaluate the identity and context of these initiators using policy, posture, and risk rather than relying only on network location.
The other options are not correct because IP addresses, ports, and sockets are technical connection details, not the actual initiating entity in the Zero Trust model. A walled garden is also a network design concept, not a type of initiator. Therefore, the best answer is devices, IoT/OT, and workloads .
